July 2026
New versions of Heretto products are here! Read on to learn what's new. 🚀
Heretto product versions released this month:
-
Heretto CCMS 26.07.02
Heretto Deploy API 26.07.02
Heretto Portal 26.07.02
July 2, 2026
New versions of Heretto CCMS, Deploy API, and Portal are coming your way!
Heretto CCMS 26.07.02
-
Fixed. We resolved an issue where editing locales could lead to CCMS instability. This happened when the locale editor read a document for validation while it was still being written to, leaving it in an inconsistent state that caused validation to loop and memory usage to climb. This was more likely with very large files containing numerous tables, where writing and validating the document took longer and increased the chance of the two processes overlapping. We've corrected the timing issue so a document is no longer validated while still being written to, and added cycle protection to the validator so it can detect and stop this kind of looping before it exhausts memory.
Heretto Deploy API 26.07.02
-
Added. Deploy API responses now include the HTTP
Strict-Transport-Securityheader, set to a max-age of 12 months with theincludeSubDomainsandpreloaddirectives. This ensures browsers automatically upgrade requests to the Deploy API to HTTPS, consistent with the same header already present in portal responses. -
Fixed. We fixed an issue in the Get content and metadata for a page endpoint where the top-level
typeproperty and thetypeproperty inbreadcrumbsentries could report incorrect values. In some cases, the item's owntypeshowed the type of its parent instead of itself, and in some cases, an ancestor'stypeinbreadcrumbswas missing entirely. This affected both active sync and manual deployment portal environments. Now, both properties correctly reflect the type of the content item they describe, including sitesections, versions, topicrefs, topicheads, and OpenAPI tags and pages.
Heretto Portal 26.07.02
-
Added. Members of a content team with access to more than one portal audience can now preview a Heretto Portal v6 site as each of those audiences would see it, making it easier to confirm that access-restricted content is scoped correctly. This capability is configurable separately for each environment and is off by default. The selector can be populated either with the audiences returned by the identity provider at login or with a default set of audiences configured for that environment. The selected audience persists as the user moves between pages. When a different audience is selected, the portal shows all content associated with that audience, including content shared across audiences.
-
Added. Heretto Portal v6 sites can now show an introductory section directly below the hero section, on both the home page and section pages (the pages that show tiles). On the home page, the introductory section shows a heading and description that are set in
config.json. On section pages, it automatically shows the title and short description added in thesitesectionelement. The introductory section is off by default and can be turned on separately for the home page and for section pages. -
Added. Homepage tiles in Heretto Portal v6 can now show a More link when a
sitesectionelement has more child sitesections than the tile can show links for. The link takes users to the parent section page, where they can see everything it contains. The link is off by default and can be turned on in config.json, where a limit can also be set for how many links a tile shows before the More link appears. -
Fixed. We fixed a behavior in Heretto Portal v6 involving the
authRequiredsetting, which redirects unauthenticated users directly to the sign-in page and blocks access to content until they log in. With two or more identity providers configured, enablingauthRequiredcaused the portal to redirect automatically to the first configured identity provider instead of letting users choose which one to use. The portal now shows the sign-in page in this case as well, letting users select which identity provider to use.Note:Configuring multiple identity providers is done entirely in config.json and takes effect without a portal restart. The
authRequiredsetting also lives in config.json, but changing it requires restarting the portal, which the Heretto team must assist with. -
Fixed. We fixed an issue in Heretto Portal v6 that affected how breadcrumbs were shown in search results for pages with API specifications published with Heretto API Docs. Breadcrumbs weren't present in portal environments published with manual deployments and were shown partially in portal environments published with active sync deployments. Now, search results show the full breadcrumb path for API Docs pages in both deployment types. To learn how to publish API specifications to Heretto Portal, see Heretto Portal API Docs.
-
Fixed. We fixed a Heretto Portal v6 issue in versioned content where using breadcrumbs to navigate to a page could incorrectly open the related section page (the page that shows tiles) instead of going directly to the content page. Breadcrumbs for versioned content now default to opening the content page directly, matching the default behavior when the
outputclassattribute on thesitesectionortopicheadelement is set toview-toc. Versioned content still opens to its section page if thatoutputclassattribute is set toview-tiles. -
Fixed. We fixed a behavior in Heretto Portal v6 where active sync portal environments could show a 404 error page for topics referenced by a
topicrefwithtoc="no". This was a side effect of a recent improvement to how active sync portal environments handle content structure. It only affected active sync portal environments, not manual deployment portal environments. Such topics now show their content correctly in both types of portal environments. -
Enhanced. The
Strict-Transport-Securityheader returned by Heretto Portal v6 now includes thepreloaddirective, in addition to the existingmax-ageandincludeSubDomainsdirectives. This enables sites that meet the preload requirements to be included in browser HSTS preload lists, providing stronger protection against protocol downgrade and cookie hijacking attacks.
July 1, 2026
We introduced a new metadata type, extracted metadata, now available in Beta.
Heretto CCMS
-
Announcement. We've released a new metadata type called extracted metadata (Beta), which lets you bring information that already exists inside your DITA files into reports for content analysis and insight.
Extracted metadata is currently used only for reporting purposes, though additional use cases may be supported in future releases. Its values are extracted from the content and semantics of your DITA files using custom XPath expressions. Extracted metadata is not included in files or in Heretto Deploy API or Heretto Portal outputs. Instead, it is stored in a CCMS database and made available in these Insights (Beta) reports: Content Report and Localization Report.
For details on metadata available in the CCMS, including extracted metadata, see Metadata Governance in Heretto CCMS. For extracted metadata configurations, see Extracted Metadata Configurations.
Note:This feature is currently in Beta and available to a limited group of customers. General availability for all Heretto customers will follow the conclusion of the Beta phase. Full rollout dates will be shared when available.